Legal

Privacy Policy

Last updated: March 11, 2026

1. Data Controller

Consentr by Network-IT
Adegemstraat 88, 2800 Mechelen, België
KBO: BE0553.500.113
E-mail: hello@consentr.io

Network-IT, operating under the name Consentr, is the data controller for the processing of personal data as described in this privacy policy.

2. What data do we collect?

2.1. Account data

When you create an account, we collect:

  • Name
  • Email address
  • Password (stored encrypted)
  • Phone number (optional)

2.2. Organization data

When creating an organization, we collect:

  • Organization name
  • Contact person, email address and phone number
  • VAT number
  • Address details (street, zip code, city, country)

2.3. Technical data

When using our platform, we record:

  • IP address (hashed for consent records)
  • Browser type and version (User Agent)
  • Login timestamp
  • Session data

2.4. Consent records

We store consent records on behalf of our customers. These contain an anonymized visitor ID, hashed IP addresses, the timestamp of consent and the chosen preferences. This data is stored as proof of consent in accordance with the GDPR.

2.5. Payment data

Payments are processed by Stripe. We do not store credit card numbers or bank details. Stripe processes this data in accordance with their own privacy policy and PCI-DSS standards.

3. Purposes of processing

We process your personal data for the following purposes:

PurposeLegal basis (GDPR)
Provision of our services (consent management platform)Performance of the contract (Art. 6.1.b)
Account management and authenticationPerformance of the contract (Art. 6.1.b)
Invoicing and payment processingPerformance of the contract (Art. 6.1.b)
Storage of consent records (audit trail)Legal obligation (Art. 6.1.c)
Customer service and supportLegitimate interest (Art. 6.1.f)
Security monitoring and fraud preventionLegitimate interest (Art. 6.1.f)
Sending service-related emailsPerformance of the contract (Art. 6.1.b)

4. Retention periods

  • Account data: until you delete your account, then a maximum of 30 days in backups.
  • Consent records: at least 5 years after registration, in accordance with recommendations from supervisory authorities for burden of proof.
  • Invoice data: 7 years in accordance with Belgian accounting legislation.
  • Log files: maximum 90 days.

5. Sharing with third parties

We share your data exclusively with the following parties, and only to the extent necessary:

  • Stripe (US, EU representation) — payment processing. Stripe is certified under the EU-US Data Privacy Framework.
  • Hosting provider — our servers run within the EU (data center in Europe).
  • Email provider — for sending service emails (transactional).

We never sell your data to third parties and do not use it for advertising purposes.

6. International transfers

Your data is primarily processed and stored within the European Economic Area (EEA). Insofar as transfers take place to countries outside the EEA (for example Stripe in the US), this is done on the basis of:

  • EU-US Data Privacy Framework (adequacy decision)
  • Standard Contractual Clauses (SCCs) of the European Commission

7. Your rights

Under the GDPR, you have the following rights:

  • Right of access — You can request which data we process about you.
  • Right to rectification — You can have incorrect data corrected.
  • Right to erasure — You can request deletion of your data ("right to be forgotten").
  • Right to restriction — You can have the processing restricted.
  • Right to data portability — You can receive your data in a structured format.
  • Right to object — You can object to processing based on legitimate interest.

To exercise your rights, send an email to support@consentr.io. We will respond within 30 days.

8. Security

We take appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/HTTPS) and at rest
  • Hashed passwords (bcrypt)
  • Hashed IP addresses in consent records
  • Role-based access control
  • Regular backups
  • Monitoring and logging of access

9. Cookies

For our cookie policy, we refer to our separate Cookie Policypage.

10. Children

Our services are not directed at children under the age of 16. We do not knowingly collect data from minors. If you suspect that we have collected data from a minor, please contact us.

11. Changes

We may update this privacy policy from time to time. Changes will be published on this page with a new date. In case of substantial changes, we will inform you by email.

12. Complaints

Do you have a complaint about the processing of your personal data? Please contact us first at support@consentr.io. You also have the right to file a complaint with the Belgian Data Protection Authority (GBA):

Data Protection Authority
Drukpersstraat 35, 1000 Brussel
Tel: +32 (0)2 274 48 00
E-mail: contact@apd-gba.be
Website: www.gegevensbeschermingsautoriteit.be

13. Contact

For questions about this privacy policy or the processing of your personal data, you can contact:

Consentr by Network-IT
Adegemstraat 88, 2800 Mechelen, België
E-mail: support@consentr.io
KBO: BE0553.500.113